By Geoffrey A. Fowler
Apple's new AirTags, $30 wireless devices that help you locate things, work well. Frighteningly well.
Clip a button-size AirTag onto your keys and it'll help you find where you accidentally dropped them in the park. But if someone else slips an AirTag into your bag or car without your knowledge, it could also be used to covertly track everywhere you go. Along with helping you find lost items, AirTags are a new means of inexpensive, effective stalking.
I know because I tested AirTags by letting a Washington Post colleague pretend to stalk me. And Apple's efforts to stop the misuse of its trackers just aren't sufficient.
To discourage what it calls "unwanted tracking," Apple built technology into AirTags to warn potential victims, including audible alarms and messages about suspicious AirTags that pop up on iPhones. To put Apple's personal security protections to the test, my colleague Jonathan Baran paired an AirTag with his iPhone, slipped his tag into my backpack (with my permission), and tracked me for a week from across San Francisco Bay.
I got alerts: from the hidden AirTag and on my iPhone. But it wasn't hard to find ways an abusive partner could circumvent Apple's systems. To name one: The audible alarm only rang after three days - then it turned out to be just 15 seconds of light chirping. And another: While an iPhone alerted me that an unknown AirTag was moving with me, similar warnings aren't available for the roughly half of Americans who use Android phones.
"These are an industry-first, strong set of proactive deterrents," Kaiann Drance, Apple vice president of iPhone marketing, said in an interview. "It's a smart and tunable system, and we can continue improving the logic and timing so that we can improve the set of deterrents."
Apple has done more to combat stalking than small tracking-device competitors such as Tile, which so far has done nothing. But AirTags show how even Apple, a company known for emphasizing security and privacy, can struggle to understand all the risks involved in creating tech that puts everyday things online.
"The intimate partner threat model is unique," Corbin Streett, a technology safety specialist at the National Network to End Domestic Violence, told me. "Generally, companies are thinking about external threats, not the person who knows your favorite color and your password and who sleeps next to you at night."
For most people, AirTags will be a useful convenience that offers precise tracking and a replaceable battery. So why focus on these problems? Because personal tech is no longer just about you. My job as a consumer advocate is to consider the people technology helps - and those it hurts. This applies to AirTags just like it does to Ring security cameras unfairly policing neighbors and social network algorithms spreading misinformation.
Digital stalking is remarkably common, experts say, and it's strongly linked to physical abuse, including murder.
"I don't expect products to be perfect the moment they hit the market, but I don't think they would have made the choices that they did if they had consulted even a single expert in intimate partner abuse," said Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation and a prominent advocate for fighting stalkerware.
Apple's Drance wouldn't say whether the company consulted domestic abuse experts in designing AirTags. "We don't have any more details to share about the process. But of course, we are open to hearing anything from those organizations," she said.
I'm glad Apple says AirTags were designed for updates, but some of the problems we identified can't be solved with software - or by Apple designing privacy fixes that work only for Apple customers.
- - -
With Galperin's advice, we set up a test in which my colleague played the role of a stalker and I experienced what that would look like as a target. While the experiment helped us understand how AirTags work, our short glimpse into the world of stalkerware is nothing like the terror of actually being stalked.
After placing an AirTag in my bag, my colleague was able to find my whereabouts with remarkable precision. Once he associated the AirTag with his iPhone, the tag's location showed up in an iPhone app called Find My, included free with iPhones. (It started as a way to find lost Apple products and has expanded to other things.)
When I was riding a bike about San Francisco, the AirTag updated my location once every few minutes with a range of about half a block. When I was more stationary at home, my colleague's app reported my exact address.
How can such a tiny, watch-battery-powered device do that? Unlike phones and GPS devices, AirTags don't contain cellular Internet connections. Rather, they use Bluetooth wireless signals - the same ones that power headphones - to report their presence to other nearby devices that are connected to the Internet. (AirTags also contain a wireless technology called ultra-wideband that makes them even more precise but requires newer iPhones.) These location reports go back only to the AirTag's owner; nobody else knows where they are.
What makes AirTags particularly effective at tracking is that they can connect with the hundreds of millions of Apple products out there to share their location with their owners. Think of it this way: AirTags work everywhere there's a nearby iPhone.
Apple included one element that could help prosecute people who use them for stalking. Each AirTag has a fixed serial number physically printed on it and readable by Bluetooth. With a court order, Apple could reveal the identity of the iPhone the AirTag is registered to.
But first, the victim would have to discover the covert AirTag - and that's easier said than done.
- - -
Three days after being separated from my colleague, the AirTag he planted on me started chirping its presence. The sound measured at most about 60 decibels from three feet away - not much louder than the birds singing outside my window. And it lasted only about 15 seconds, after which the AirTag went silent for several hours before chirping for another 15 seconds.
This is supposed to keep people safe? "We do think it's a very clear, crisp sound," said Apple's Drance.
Worse, I discovered it's pretty easy to muffle the speaker on an AirTag by applying pressure to the device's white plastic cover, which has the speaker embedded in it. Buried inside tight car seats or tape, a victim might not notice a chirping AirTag for days - if at all.
But there's an even bigger problem: Waiting three days to alert a victim allows for a lot of stalking. Apple's Drance said that when the company chose that window, it was considering how alarms might disturb customers who are just borrowing a family member's backpack or accidentally leave an item behind. "We wanted to balance how these alerts are going off in the environment as well as the unwanted tracking," she said.
Streett's concern was that an abuser could game the alarm timing. An AirTag starts a three-day countdown clock on its alarm as soon as it's out of the range of the iPhone it's paired with. Since many victims live with their abusers, the alert countdown could be reset each night when the owner of the AirTag comes back into its range.
In many abuse situations, the alarm might never go off.
- - -
Apple's other major anti-stalking protection was harder to miss: an alert on my iPhone that read, "AirTag Found Moving With You." It popped up after I returned home from meeting my colleague.
How did my iPhone know? If you're carrying an iPhone 6S or newer with the latest iOS software, the phone's Bluetooth connection is regularly looking for nearby AirTags. The iPhone will notice if you're traveling with an AirTag that isn't also in the vicinity of its owner.
The iPhone makes these notices prominent, if the language is a little obtuse. Tapping on it takes you to the Find My app, where the first screen reads: "Your current location can be seen by the owner of this AirTag." Inside the Find My app - the potential victim's view - there was also a map of the places I traveled with the covert AirTag. The app instructs you how to temporarily silence the alert or disable the AirTag by removing its battery.
From there, though, Apple doesn't provide as much help as it could to people trying to locate an AirTag hidden in their belongings. One button in the Find My app lets you make the offending AirTag play a sound, but this often didn't work for me. (Perhaps I wasn't quite close enough to the AirTag or there was interference?) But none of the other Find My app functions for AirTag owners to find their own stuff - like measures of the distance between the iPhone and the AirTag - are available to unwanted tracking victims. Potential victims need those tools, too.
The Find My app also doesn't necessarily provide all the information stalking victims need. "I wish it would activate as soon as a tag that doesn't belong to you begins to move with you," Streett said. The app also lacks a function that just lets people instantly scan their vicinity for any AirTags to make sure they're safe.
Galperin said she's skeptical that Apple thought through all the real-world scenarios, such as if an abuser swapped his AirTag with one that belongs to his partner. (If the victim came back into the house and if it connected to the abuser's device quickly, then it may not pop up an alert.) And the alerts could be more helpful, she said, if they were also tuned to detect an AirTag in your car - one that moves with you frequently but then stays where you parked.
Also troubling: There's an option in the Find My app to turn off all of these "item safety alerts" - and adjusting it doesn't require entering your PIN or password. People in abusive situations don't always have total control over their phones.
Then there's the biggest hole of all in the alerts system: They aren't available to people using Android devices. "I'm really wary of security problems that have to be fixed by buying an iPhone," Galperin said.
Some of Apple's good pop-up alert ideas could benefit not only users of other phones but also people being tracked by other devices such as Tiles. "Wouldn't it be great if these companies partnered in a way where scanning for Bluetooth tracking devices is built into all phones?" Streett said.
There is precedent in Google and Apple working together to jointly develop Bluetooth coronavirus exposure alerts last year. In our increasingly connected world, addressing new risks is going to require working together.
The Washington Post